Skip to main content
SpringerLink
Log in

A spatial stochastic model for worm propagation: scale effects

  • Eicar 2007 Best Academic Papers
  • Published:
Journal in Computer Virology Aims and scope Submit manuscript

Abstract

Realistic models for worm propagation in the Internet have become one of the major topics in the academic literature concerning network security. In this paper, we propose an evolution equation for worm propagation in a very small number of Internet hosts, hereinafter called a subnet and introduce a generalization of the classical epidemic model by including a second order spatial term which models subnet interactions. The corresponding gradient coefficient is a measure of the characteristic scale of interactions and as a result a novel scale approach for understanding the evolution of worm population in different scales, is considered. Results concerning random scan strategies and local preference scan worms are presented. A comparison of the proposed model with simulation results is also presented. Based on our model, more efficient monitoring strategies could be deployed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Anderson R.M., May R.M. (1991). Infectious diseases of humans: dynamics and control. Oxford University Press, Oxford

    Google Scholar 

  2. Blaster (2003) eEye Digital Security, Blaster worm analysis. http://www.eeye.com/html/Research/Advisories/AL20030811.html

  3. Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-End Containment of Internet Works. In: 20th ACM symposium on Operating systems principles, pp. 133–147 (2005)

  4. Gu, G., Sharif, M., Qin, X., Dagon, D., Lee, W., Riley, G.: Worm detection, early warning and response based on local victim information. In: 20th Annual Computer Security Applications Conference, pp. 136–145 (2004)

  5. Heathcote The mathematics of infectious diseases. SIAM Rev. 42(4), 599–653 (2000)

  6. Kephart, White: Directed graph epidemiological models of computer viruses. IEEE Symposium on security and privacy (1991)

  7. Kermack, W.O., McKendrick, A.G.: A contribution to the mathematical theory of epidemics. In: Proceedings of the Royal Society of London. Series A, Containing Papers of a Mathematical and Physical Character, vol. 115, No. 772, pp. 700–721 (1927)

  8. Kesidis, G., Hamadeh, I.: Jiwasurat Soranun.: coupled Kermack–McKendrick models for randomly scanning and bandwidth-saturating internet worms. In: QoS-IP 2005, LNCS 3375, pp. 101–109 (2005)

  9. Moore D., Paxson V., Savage S. (2003). Inside the slammer worm. Slammer 1: 33–39

    Google Scholar 

  10. Moore D., Shannon C., Brown J.: Code-red: a case study on the spread and victims of an internet worm. In: Proceedings of 2-th Internet Measurement Workshop (IMW) (2002)

  11. Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. INFOCOM (2003)

  12. Nimda (2001) Symantec, “W32.nimda.a@mm,” http://www. symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

  13. Onwubiko, et al.: An improved worm mitigation model for evaluating the spread of aggressive network worms (2005)

  14. Sharif, M.I., Riley, G.F., Lee, W.: Comparative study between analytical models and packet-level worm simulations. In: 19th Workshop on Principles of Advanced and Distributed Simulation. IEEE, pp. 88–98 (2005)

  15. Serazzi, G., Zanero, S.: Computer virus propagation models. In: Calzarossa, M.C., Gelenbe, E. (eds.) Tutorials of the 11th IEEE/ACM Int’l symp. on modeling, analysis and simulation of computer and telecom—systems—MASCOTS 2003. Springer, New York (2003)

  16. Sidiroglou, S., Keromytis, A.D.: (2005) Countering network worms through automatic patch generation. IEEE Security and Privacy

  17. Staniford S., Paxson V., Weaver N.: How to own the internet in your spare time. In: Proceedings of the 11th USENIX security symposium (Security ’02) (2002)

  18. Wang Y., Chakrabarti D., Wang C., Faloutsos C.: Epidemic spreading in real networks: an eigenvalue viewpoint. In: Proceedings of the 22nd International Symposium on Reliable Distributed Systems (2003)

  19. Weaver N., Paxson V., Staniford S., Cunningham R.: A taxonomy of computer worms. In: ACM Workshop on Rapid Malcode (WORM) (2003)

  20. Yang, W., Chenxi, W.: Modeling the effects of timing parameters on virus propagation. In: Proceedings of the 2003 ACM workshop on Rapid Malcode, pp. 61–66. ACM Press, New York (2003)

  21. Yu, W., Wang, X., Xuan, D., Lee, D.: Effective detection of active worms with varying scan rate. In: Proceedings of IEEE International Conference on Security and Privacy in Communication Networks (SecureComm), to appear (2006)

  22. Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: Proceedings of the 9th ACM conference on computer and communications security, pp 138-147. ACM Press, New York (2002)

  23. Zou, C., Gong, W.B., Towsley, D., Gao, L.X.: Monitoring and early detection for internet worms. In: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS), October (2003)

  24. Zou Cliff, C., Towsley, D., Gong, W.: On the performance of Internet worm scanning strategies. Performance Evaluation 63 (2006), Science Direct, pp. 700–723 (2006)

Download references

Author information

Authors and Affiliations

  1. Department of Informatics, Ionian University, Platia Tsirigoti 7, 49100, Corfu, Greece

    Markos Avlonitis, Emmanouil Magkos, Michalis Stefanidakis & Vassilis Chrissikopoulos

Authors
  1. Markos Avlonitis
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Emmanouil Magkos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michalis Stefanidakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vassilis Chrissikopoulos
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Markos Avlonitis.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Avlonitis, M., Magkos, E., Stefanidakis, M. et al. A spatial stochastic model for worm propagation: scale effects. J Comput Virol 3, 87–92 (2007). https://doi.org/10.1007/s11416-007-0048-y

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-007-0048-y

Keywords

Search

Navigation